Password Cracker

Takes passwords to plaintext, via various means (usually bruteforce)


Simple password cracker that attempts to crack password hashes ( md5, sha1, sha256, sha384, sha512) against any given wordlist.
Pre-requisites: Python


Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at It
currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:


SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.

sqlier [OPTIONS] [url]

-c [host] Clear all exploit information stored for [host].
-o [file] Output cracked passwords to [file].
-s [seconds] Wait [seconds] between page requests.
-u [usernames] Usernames that will be brute forced from the database,
comma separated (Username1,Username2,Username3).
-w [options] Pass [options] to wget.

Passing Field Names:
--table-names [table_names] Comma separated list of table names to guess.
--user-fields [user_fields] Comma separated list of username fields to guess.
--pass-fields [pass_fields] Comma separated list of password fields to guess.


Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the server service has been disabled. The tool is written in VB6 and might require some additional runtime libraries to run.

Guessing speeds vary, but tend to be around 45-50 guesses/sec.

The password file supports the formats %username% and lc %username% with the result of the username being used as the password. The prefix lc converts the username to lowercase.


Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords


HTTP Hacking
Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.


An Innovative Password Hash Cracker
The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables".

Dell BIOS Password killer

This is the 2008 release of the Dell BIOS password killer disk


This is a utility to (re)set the password of any user that has a valid (local) account on your Windows system. You do not need to know the old password to set a new one. It works offline, that is, you have to shutdown your computer and boot off a floppydisk or CD or another system. Will detect and offer to unlock locked or disabled out user accounts! There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.

Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2 and SP3), Windows Server 2003 (all SPs), Vindows Vista 32 and 64 bit (SP1 also), Windows 7 (all variants). Some say also Windows Server 2008 is OK.

Social-Engineering Toolkit (SET)

Social-Engineer Toolkit, or SET, was designed by David Kennedy (ReL1K) with the intent of automating the social engineering aspect of penetration testing. With a very easy to use menu driven interface, SET will assist you in establishing remote command execution shells with those who fall victim to your phishing campaigns. Those familiar with Fast-Track, another project that David Kennedy (ReL1K) is a primary contributor to, will notice a very similar feel between the two programs. This was intentional as SET is now included as a module within Fast-Track. Those with Fast-Track already installed need only use the "Update Everything" menu option in order to automatically obtain a copy of SET.

Considerably more information pertaining to the Social-Engineer Toolkit (SET) can be obtained at the following address:

Current Version (at time of writing): Version 0.3

To download & obtain a copy of SET:
#svn co

*Note: If you installed via Fast-Track's "Update Everything" menu option and you are wondering where it copied the files..
#cd /pentest/exploits/set

"Hack the Gibson..."

Syndicate content